I’m not a geek, I don’t think, and I have not yet used OpenId, but I do use many dozens of different sites. It wouldn’t bother me so much if they all used the email address approach to username. It wouldn’t bother me so much if they all insisted on the same conventions for usernames. It wouldn’t bother me so much if I cared about their security all at the same level.

But the reality is that many sites make different demands on you WHEN YOU REGISTER, but give you no clue what those demands were when you are asked to sign up again. How many times have I struggled to remember, is this a my work username? The short username from the past I use for insecure and rather public sites? A special one I had to invent for this site? or an email address? And did the password have to have a number in it? or a non-alpha?

I’ve used re-directing sites, particularly AthensDA in the UK, and as far as I’m concerned it’s great. I get a very clear context letting me know I’m at my home institution and about to login with the username and password I need for external service authentication. I give them, click, pause, I’m back where I was an in action. Soooo much easier for me… and for my external service provider, who doesn’t have to manage my identity.

So the implementation may be broke, but I think there IS a problem to solve!